Google Chrome’s automatic update feature means that we don’t normally need to think about being on the latest version, but occasionally users will want to take a break and make sure they are up to date – this is one of those days. The version of Chrome 88 released now for Windows, Mac and Linux (88.0.4324.150) addresses an item, but it is a big problem.
According to a blog post, security researcher Mattias Buelens reported a vulnerability in Chrome’s WebAssembly and JavaScript V8 engine, which could allow an attacker to execute code on the victim’s computer. Google did not elaborate on the problem, labeled CVE-2021-21148, but said it is aware of reports that the bug is already being exploited in freedom, so update immediately.
In a note, Google said that “access to bug details and links can be kept restricted until the majority of users are updated with a fix. We will also maintain restrictions if the bug exists in a third-party library on which other projects depend, but have not yet been fixed. ”As a result, we don’t know what exploit this is linked to, but ZDNet notes that the moment brings him closer to revelations about a campaign carried out by North Korean hackers that targeted security researchers, who may have relied on zero-day exploits on Chrome and Internet Explorer.
Regardless of where or how the bug is being exploited, you still want to update your browser (and keep an eye on patches for other potentially affected software, such as another Chromium-based browser) right away. Like ZDNet and BleepingComputer observed, this happens occasionally. A notable fix in 2019 required a reboot for the fix to take effect, and there was a period last fall when, in a month, Google approached five zero days that were being actively exploited.